Finding Security Bugs in Web Applications using a Catalog of Access Control Patterns

We propose a specification-free technique for finding missing security checks in web applications using a catalog of access control patterns in which each pattern models a common access control use case. Our implementation, Space, checks that every data exposure allowed by an application's cod...

Bibliographic Details
Main Authors: Near, Joseph Paul, Jackson, Daniel
Other Authors: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
Format: Article
Language: en_US
Published: Association for Computing Machinery (ACM) 2016
Online Access: http://hdl.handle.net/1721.1/102281
https://orcid.org/0000-0003-4864-078X